GHSA-JQQ5-8PX3-9M6M: Single-Byte Heap Overflow Bypass in ImageMagick JSON and YAML Encoders

ImageMagick and its .NET wrapper, Magick.NET, utilize specific encoder modules to serialize image metadata and pixel data into various text-based formats. The JSON and YAML encoders are responsible for parsing internal image structures and formatting them into standards-compliant structured text. This functionality is often exposed in automated image processing pipelines where metadata extraction is required.

Vulnerability GHSA-JQQ5-8PX3-9M6M represents a heap-based buffer overflow condition within these specific encoders. The defect is classified under CWE-122 (Heap-based Buffer Overflow) and more specifically CWE-193 (Off-by-one Error). This flaw allows an attacker to write exactly one byte beyond the allocated bounds of a heap buffer during the serialization process.

The issue stems from an incomplete remediation applied to a preceding vulnerability tracked as CVE-2026-40169. While the original patch attempted to sanitize boundary conditions during metadata formatting, it failed to account for a specific edge case. Consequently, the mitigation was bypassed, leaving applications processing untrusted images vulnerable to memory corruption.

The core defect resides in the memory allocation and boundary checking logic within the coders/json.c and coders/yaml.c source files. When ImageMagick exports image data to JSON or YAML, it dynamically calculates the required buffer size based on the length of the input strings and the structural overhead of the output format.

In the vulnerable implementation, the size calculation routine contained a subtle arithmetic error when processing specific image properties or metadata fields. The allocation routine provisioned a buffer that was exactly one byte too small to hold the fully formatted string and its mandatory null-terminating character.

During the final memory write operation, the string formatting function appends the null terminator to the end of the constructed string. Because the buffer was under-allocated by a single byte, this terminating character is written to the memory address immediately following the allocated heap chunk. This behavior directly corrupts the adjacent memory region managed by the heap allocator.

The patch analysis requires examining the commit that introduced the security refinement. The vulnerable code calculated the required string length using a loop that aggregated the lengths of individual metadata components. However, it omitted the necessary padding required for the final formatting token or the null terminator.

// Vulnerable snippet representation (prior to 7.1.2-19)
size_t buffer_length = CalculateMetadataLength(image);
// Missing +1 for the terminator in specific edge cases
char *json_buffer = (char *) AcquireQuantumMemory(buffer_length, sizeof(char));
 
// ... string construction loop ...
 
// The following write exceeds the buffer by 1 byte
json_buffer[buffer_length] = '\0'; 

The remediation implemented in commit 84a15bf introduces a strict bound calculation that comprehensively accounts for all formatting characters and terminating bytes. The patch ensures that the AcquireQuantumMemory allocation request matches the exact maximum required size of the final serialized payload.

// Patched snippet representation (7.1.2-19 and later)
size_t buffer_length = CalculateMetadataLength(image);
// Explicitly allocate space for the null terminator
char *json_buffer = (char *) AcquireQuantumMemory(buffer_length + 1, sizeof(char));
 
// ... string construction loop ...
 
json_buffer[buffer_length] = '\0'; 

By properly aligning the buffer length with the structural requirements of the serialization format, the patch eliminates the off-by-one write condition. The allocator now provisions a chunk large enough to safely contain the entire string sequence without overflowing into adjacent memory.

Exploitation of this vulnerability requires the target application to process a specially crafted image file and export it using the affected JSON or YAML formatters. The attacker does not require authentication, provided the application accepts unauthenticated file uploads for processing. The execution trigger typically occurs when a command line or API call explicitly requests the JSON or YAML output format.

Upon processing the crafted file, the off-by-one write deposits a single byte, often a null byte (0x00), into the metadata of the adjacent heap chunk. In standard heap implementations like glibc ptmalloc, overwriting the least significant byte of a chunk's size field alters the allocator's perception of available memory boundaries.

While a single-byte overwrite typically results in application denial of service via a segmentation fault during subsequent allocator operations, sophisticated exploitation paths exist. By precisely manipulating the heap layout through prior allocations, an attacker can align the target chunk with a victim object. Overwriting the size field can lead to overlapping chunks, which provides a primitive for broader memory corruption and potential code execution.

The primary impact of this vulnerability is an application-level denial of service. The memory corruption triggered by the out-of-bounds write disrupts the internal state of the heap allocator. When the application subsequently attempts to allocate or free memory, the corrupted chunk metadata causes the process to abort, terminating the service.

The CVSS 3.1 vector evaluates this vulnerability as AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H, resulting in a moderate severity score of 6.2. The local attack vector classification indicates that the attacker must provide a file to the system, though in web application contexts where image processing is exposed to external users, this is effectively remotely exploitable.

Confidentiality and integrity are generally not impacted by a straightforward denial of service attack utilizing this vector. However, if an attacker successfully pivots the single-byte overwrite into a reliable overlapping chunks exploit, the impact score would elevate significantly, as arbitrary code execution could compromise the entire host system.

The definitive resolution for GHSA-JQQ5-8PX3-9M6M requires updating the affected software to the patched versions. ImageMagick core installations must be upgraded to version 7.1.2-19 or later. Applications utilizing the Magick.NET wrapper must update their NuGet package dependencies to version 14.12.0 or later across all target architectures.

For environments where immediate patching is not feasible, administrators can implement defense-in-depth mitigations by restricting the functionality of the ImageMagick delegators. Modifying the policy.xml configuration file to explicitly deny the execution of the JSON and YAML coders prevents the vulnerable code paths from being reached.

<policymap>
  <policy domain="coder" rights="none" pattern="JSON" />
  <policy domain="coder" rights="none" pattern="YAML" />
</policymap>

This configuration change serves as an effective temporary workaround. Security teams should verify that this restriction does not disrupt critical business logic that relies on metadata extraction into these specific formats.